PINGACCESS POLICY MIGRATIONDe-risk Legacy WAM Migration, Automate Policy Management

SOLUTION BRIEF

Once the de facto standard, the web access management (WAM) solution of yesterday wasn’t designed for the requirements you face today—requirements that also include the need to automate manual processes and introduce DevOps processes into your access management practice. However, after decades of integrating applications with your legacy WAM system, each with its own set of access policies, the prospect of migration can seem daunting. But that can change with PingAccess Policy Migration (PAPM). As a solution to ease your migration from legacy WAM systems, including CA SiteMinder (CA SSO) and Oracle Access Manager, PAPM removes the burdensome and error-prone processes involved in manually migrating hundreds of policies from your legacy WAM system to PingAccess.

Once policies are deployed to a pre-production environment, PAPM enables you to test policy logic and subsequently promote policies to higher-level environments. And to cap it off, you can manage the health of each of your PingFederate (PF) and PingAccess (PA) clusters

with a range of monitoring dashboards.

POLICY MIGRATIONPAPM enables reliable, error-free migrations by reducing the pitfalls that can occur when an administrator manually inputs policy data for migration. PAPM automates the process of getting from a legacy policy export to a set of migrated, deployed PingAccess (PA) and PingFederate (PF) policiesthat enact the same authorization logic.

As each system defines resources in a unique manner, PAPM contains rule processor plugins to bridge the gaps.

Modern attributes—which legacy WAM systems don’t includein policies—are automatically pulled from the groups you create in advance of the migration.

• Import 1M+ lines of XML in minutes.

• Migrate to a proxy or agent configuration.

• Review corresponding import and export values.

• Troubleshoot common errors (mapping, exports).

ORACLE ACCESS

MANAGER

CA SITEMINDER

(CA SSO)

EXPORT & NORMALIZE

JSONPOLICY FILE

Migrated Policies

PingAccess Policy Migration

Establish Environment Settings(PF & PA connection)

Export Legacy Policy Create Policy Groups (PF agent, session, site, identity map)

2 3

Select Policy Group,AuthenticationRequirements

41

POLICY TESTPAPM provides an interface to test policy logic and authentication flows prior to deployment. This includes capabilities to impersonate diverse sets of users to ensure compatibility across multiple access scenarios. Load testing is also available to measure a policy’s response performance under both normal and anticipated peak load conditions.

• Conduct testing prior to agent and app configuration.

• Test authentication and OIDC flows to applications.

• Retrieve custom HTTP headers provided by PingAccess.

• Load test policy logic and associated response times.

POLICY PROMOTIONPAPM provides automated processes to move policies between development, testing, staging and production environments.

This eliminates the need to manually rebuild similar policies within an environment or to recreate the same policies across environments.

• Promote policies to higher level environments.

• Export policies to flat file databases for recovery.

• Remove policies, with all dependencies considered.

DevelopmentEnvironment

Policy (DevConfiguration)

Automation Transform Process

Environment Settings (Dev, QA, Prod, etc)

PolicyArchive

Export Package

TestEnvironment

Policy (TestConfiguration)

Ping Identity envisions a digital world powered by intelligent identity. We help enterprises achieve Zero Trust, identity-defined security and more personalized, streamlined user experiences. The Ping Intelligent Identity Platform provides customers, employees and partners with access to cloud, mobile, SaaS and on-premises applications and APIs, while also managing identity and profile data at scale. Over half of the Fortune 100 choose us for our identity expertise, open standards leadership, and partnership with companies including Microsoft, Amazon and Google. We provide flexible options to extend hybrid IT environments and accelerate digital business initiatives with multi-factor authentication, single sign-on, access management, intelligent API security, directory and data governance capabilities. Visit pingidentity.com.#3343 | 01.19 | v04

Migrating your applications to PingAccess and automating policy management has never been easier. To learn more about PingAccess Policy Migration, contact your Ping sales representative.

PAPM offers monitoring dashboards to view real-time

environment status for PingFederate and PingAccess,

alongside a historical view of activity to aid in troubleshooting.

A health check monitor provides a consolidated health status

view of Ping servers and can quickly alert an administrator to

current or escalating issues. Other monitors include graphical

displays of historical and live response times, CPU load,

open connections comparisons, memory usage, sync

status and more.

• Check response times to ensure servers aren’t

overburdened.

• View the activity of open proxy connections.

• Check available memory and CPU utilization.

• Ensure servers within a cluster are configured identically.

MONITORING DASHBOARD

HEALTHY SYNC FAILURE

ACTIVE FAILURE